Some interesting data points presented recently at the Messaging Anti-Abuse Working Group conference point towards a set of email users that are either clueless or Evel Knievel risk takers:

• • Roughly half of survey respondents had opened a spam message at one time or another
  • 1 in 10 have either clicked on links or downloaded attachments from spam messages
  • 1 in 5 opened the message “to see what would happen”
  • 4% replied to the messages and another 4% forwarded them to other people

All this points towards a large pool of at risk email users.  Here at Save the Mail though, we are of the opinion (and we think most would agree) that users as a whole aren’t the email idiots this study would have you believe. Sure, there are some bad apples but there are, and have always been, the exceptions. Given a choice most users will apply the prudent email best practice that IT has been extolling for years:

Don’t open email from sources you don’t recognize.

At Save the Mail we believe the better solution is:

Don’t accept email from sources you don’t know (or want).

Ultimately we need to change the conversation. Rather than putting in solutions which keep the bad mail out, how about a solution that only allows the good mail in? If we let users decide who they want to email the "crap" doesn’t have a chance. Again, (other than the bad apples) when was the last time you received spam from someone you trusted? Yes, it happens, but again, it’s extremely rare. And if the message happens to have a virus then any good anti-spam solution is going to detect the virus and prevent delivery of the message.

Granted this is only possible when the right solution in place, but this is still the ideal scenario. When email users are given the ability to choose who to receive email from, you are far safer than when you either a) accept all inbound email messages or b) “guess” as to what is, or isn’t, good and bad.

And letting users decide gives IT a chance to spend their time on more important tasks. How much money is wasted by IT people digging through spam folders looking for the latest “most important email ever”? Why not let users do this? Remember, with the right solution users can only release clean messages from people they trust so, really, what’s the harm?

There will always be IT support stories about the latest “the user did what?” But with a whole new generation entering the work force, we will start seeing a shift towards users who have spent their whole life with email, the internet and social networks like LinkedIn and Facebook. This shift in the work force will not be without it’s challenges but explaining how to use email will not be one of them. Why not shift the anti-spam strategy now and let users decide?

To reiterate: the incident involved the state’s ONLINE DRIVING EXAM SYSTEM. The remarks were made at a panel discussion at RSA earlier this month on state cybersecurity.

While we understand the need for a certain level of discreetness on cybersecurity topics, especially when they have to do with our government this incident was not a threat to America’s security or livelihood by any stretch.

It was nothing more than an embarrassing moment for the state of Pennsylvania.

But what has us extremely worried here has been the firing of Maley and the subsequent “lockdown” on talking about cybersecurity by state officials in PA.

Does a lack of dialogue surrounding cybersecurity really make businesses and government agencies a more secure place? In some instances, yes – let’s not advertise huge gaping holes in our government’s cyber network.

But in this situation, the answer is a surrounding NO. How are we going to fix the “gaping holes” if we simply ignore them?

What better opportunity to discuss the complex issues surrounding securing our businesses’ and government’s cyber infrastructure than with the non-life threatening example Maley brought up of the state’s online driving exam system?

By stifling the dialogue on the cybersecurity, Pennsylvania is doing businesses and internet users a disservice - and passing up an opportunity to educate the public on cybersecurity vulnerabilities and dangers. 7RF7P2NCE2QK

Scareware instances have increased by 660% over the past 2 years and 400% in the last 12 months. And it’s no coincidence – there is some serious cash to be made here.

According to Francois Paget, a security research expert with McAfee Labs, “one company known as ‘Innovative Marketing’ made an estimated $180 million through these scams in one year, and more than four million consumers purchased their fake security software thinking it was real.”

Scareware has been around since as early as 1991, but has only grown “legs” in the last few years – now that users know they NEED to protect their computer, criminals are taking advantage of it. And it’s paying off (ergo it will continue).

Don’t let it happen to you or your users, check out this quick guide on how to protect yourself from these types of attacks and stay safe out there!

In our first ever installment of Groove and Dude, Groove asks the age old question: why do totally awesome emails get blocked by those gnarly content filters?

When you can't get that totally righteous recipe for Chicken from your best mate, it might be time to consider a different approach to your email security solution.

Email end-users are tired of bugging an IT person for help finding that latest missing email (think email false positives) – but we think you brave email users are more than capable of handling your email yourself.

You seem to manage just fine with your Facebook and LinkedIn accounts – deciding without the help of an IT person who you’d like to communicate with. And while we may occasionally hear from people we don't want to, none of us have managed to take the system down yet.

So Dude, why can’t people have the same ability with email? (Video created using the very fun Xtranormal program)